Using Duo Multifactor Authentication

Duo adds a layer of security to your accounts. Verifying your identity using another factor, like your mobile device or hardware token, prevents anyone but you from logging in, even if they know your password. You'll log in as usual with your username and password, and then use your device to verify that it's you.

Table of Contents

Duo Security FAQ

Duo Device and Software Requirements

Duo Troubleshooting

Configuring Duo on a New Phone

Authenticate Using Duo Push

Authenticate Using Duo Verified Push

Authenticate Using a Duo Token

My Primary Duo Authentication Device is Lost or Broken

Add an Additional Device to Duo Mobile

Use Duo Mobile to Protect Non-Davidson Accounts

 

Duo Security FAQ

Q: Why do I need Duo multifactor authentication? 

A: Usernames and passwords provide some protection; however, over time bad actors have devised numerous ways to crack these credentials. In order to improve the protection of sensitive data elements, multifactor authentication (MFA), are required: 

  1. Something you know (a password), and
  2. Something you have (usually a mobile device)

Q: What services are protected with Duo?

A: All applications that offer SSO (single sign-on), such as Office 365, Google Drive/GSuite, Moodle, Zoom, Slate, and Maxient require Duo multifactor authentication. Additionally, VPN access from off-campus and confidential applications like Banner and Blackbaud require Duo.

 

Q: What devices are supported by Duo?

A: Duo is available as a mobile app in the Apple App Store and the Google Play Store. Phones and laptops being used to log into applications that require Duo authentication must be using a browser that is no more than 365 days out of date. Further questions can be directed to the T&I Support Center at ti@davidson.edu or 704-894-2900. 

 

Q: Once I have Duo, how can I authenticate?

A: There are several methods to authenticate in Duo:

  • Duo Mobile Push
    If you use your smartphone or tablet, you can install the Duo Mobile app and send a notification to your device. To authenticate, you choose to Accept or Deny the request on your mobile device.
  • Using a personal hardware token/fob
    If you have a hardware token already (ex: Yubikey), you can insert the token like a USB and tap it to authenticate, or use Touch ID on a Mac. Setting up Touch ID on Mac requires access from T&I, so you will need to reach out to ti@davidson.edu for help with this. 
  • Using a provided Duo token
    If you cannot or will not use your mobile device to authenticate, the T&I Support Center can provide you with a Duo token. You will press a button on the token to generate a passcode that you can then enter in the portal.

Q: Do I need a smartphone to use Duo? What if I don’t have a smartphone?

A: If you have a smartphone, you’ll find it makes Duo more convenient. You probably already have your smartphone with you, and it’s easy and quick to acknowledge a login through the Duo app. You can also choose to use the Duo app for multifactor protection on personal services like Gmail, Instagram, Facebook, and other sites. 

If you do not own a compatible smartphone, T&I will provide one Duo key fob (for students) or one authentication key (faculty/staff) at no cost.

Q: My account is locked out. What should I do?

A: If you exceed 10 failed login attempts, your account will be locked down. Please contact the T&I Support Center at ti@.davidson.edu or 704-894-2900 for assistance. 


Q: I lost or broke my primary authentication device. What should I do?

A: Please take action ASAP if you’ve lost your phone so that no unauthorized person(s) can access your account. Call 704-894-2900 to walk through your next steps. 


Q: I purchased a new phone. How do I set up my new device?

You will need to contact the T&I Support Center at 704-894-2900 for assistance.

Q: I’m having trouble authenticating in Duo. What should I do?

A: Please read this article for solutions to some common authentication problems. If you still have questions or concerns, please contact the T&I Support Center at ti@davidson.edu or 704-894-2900.


Duo Device and Software Requirements

For security reasons, users are required to keep their devices up-to-date. If you are a high-risk user, you will be required by Duo to do so. 

You will be warned, and perhaps blocked, whenever your OS, Flash and/or Java plugins, or browser are out of date. If you are blocked, please contact the Support Center.

Please note that these are the minimum requirements and that it's always a good idea to keep your devices up-to-date.

Mobile Device Requirements

Device Type Supported Platform
iOS iOS 14.0 or newer
Android Android 10.0 r

 

OS and Software Requirements

All users will be warned whenever your OS, Flash and/or Java plugins, or browser are out-of-date and blocked if they do not meet the following requirements:

Browser No more than 1 year out of date
Flash and Java plugins No more than 1 year out of date
Windows OS At least Windows 7
macOS At least Mac OS X 10.14 Mojave 

 

Additional Requirements for Applications with Highly Sensitive Data 

Access to Banner Admin Pages and Etrieve is restricted to Davidson-owned workstations. 

Attempts to login to Etrieve or Banner Admin Pages from a non-Davidson-owned computer will fail with an error message similar to the following:

Duo Troubleshooting

If you are having difficulties with Duo, read about some of the common issues below to help troubleshoot.  

If you are using Duo Mobile, does your phone have a passcode?

For security reasons, Duo requires that high-risk users have some type of mobile device screen lock whether it’s a pattern, passcode, biometric, etc.  


Is the date and time on your device correct? 

In order to authenticate properly, the date and time on your device needs to be correct. You can typically set your device to automatically adjust the time settings.


Are your browser, plugins, and operating system up-to-date?

Duo requires that you keep your chosen browser, plugins, and operating system up-to-date in order to authenticate. If you see a notice from Duo that your browser is out of date, follow the instructions provided to update.


Is your Duo Mobile app updated?

All high-risk users are required to have up-to-date security updates for Duo Mobile. 

 

Authenticate Using Duo Push

1. Unless you are using a hardware token or a security key as your 2-factor authentication device, Duo Push is configured as the default authentication method.  If Duo Push is not your default authentication method in Duo, you can still perform a Duo push by clicking cancel on the initial prompt:

Screenshot_2023-05-31_at_1.52.18_PM.png

2. Then select Other options:

Screenshot_2023-05-31_at_1.52.49_PM.png

3. Under Other options to log in, select Duo Push:  

Screenshot_2023-05-31_at_1.53.14_PM.png

4. Upon selecting Duo Push, you should see a popup similar to the one below asking you to check for the push on your device:

Screenshot_2023-05-31_at_1.54.23_PM.png

 

5. In the Duo app on your device, verify that the application name matches the name of the application you are logging in to and then select the green check mark to approve:

 

Authenticate Using Duo Verified Push

Risk-Based Verified Push increases the security of Duo multi-factor authentication by requiring users to enter a six-digit code that is displayed in a popup window into the Duo mobile app when Duo detects the authentication is “risky.” Requiring a verification code helps to mitigate the risk of "push harassment" attacks where multiple, successive push notifications are sent in an effort to trick users into accepting a push for a fraudulent login attempt.  It also reduces the risk of "push fatigue" where users pay less attention to their logins and absent-mindedly accept a fraudulent push.

If you see a popup like the one above, Duo has detected an anomaly in your authentication and has elevated your authentication method to a verified push.  To authenticate, simply enter the 6-digit code displayed on the popup into the Duo mobile app.

Some applications that contain highly sensitive data will always send a verified push.  For those applications, the code will be a 3-digit code as long as Duo does not detect any anomalies in the authentication attempt.  If the authentication attempt appears to be anomalous or risky, a 6-digit code will be required.

Authenticate Using a Duo Token

Supported Browsers: Chrome, Firefox, Safari, and Edge.
  1. Visit the site protected by Duo.

  2. Click the Device dropdown to choose your preferred authentication device.                                                                                                                                                                                                 2b.png                                                                               
  3. You can choose to remember your device for a period of time.

    3b.png                                                                                                       
                                                                           
  4. Choose Enter a Passcode.

  5. Click the green button on your Duo token. It will generate a one-time passcode.

  6. Enter the passcode into the Duo portal.  

 

My Primary Duo Authentication Device is Lost or Broken

We recommend that you contact the T&I Support Center ASAP so that we can: 

  • Delete the device from your account 
  • Set you up with a temporary Duo token for authentication until you find or replace your lost device

 

Add an Additional Mobile Device to Duo Mobile

The self-service device management portal previously hosted at duo.davidson.edu has been disabled. If you need to add a new device to Duo, please call our service desk at 704-894-2900.

To help protect your Duo account from unauthorized activity, you will receive a Duo push and an email notification from no-reply@duosecurity.com when you add or remove an authentication device in Duo.

Use Duo Mobile to Protect Non-Davidson Accounts

The Duo Mobile Application can not only provide a second factor for Davidson-protected services, but it can also generate passcodes to act as a second factor for other applications you might want to protect like a password manager or online banking account. 

  1. Check to see if your service offers multi-factor authentication (MFA). Here are some of the common applications that offer MFA: Google, LastPass, DropBox, Amazon, Twitter, Facebook.  

  2. Under their MFA options, choose Authenticator App or Code Generator App. The service should generate a QR code.

  3. Open the Duo Mobile App on your mobile device. 

  4. Press the + button in the upper right hand corner, and scan the QR code. A new account should be added to your Duo Mobile App.               
  5. To complete 2FA setup, the service should ask you for a confirmation code. Press the key next to your account in your Duo Mobile App and it will generate a 6-digit passcode.  
  6. From then on out, whenever you log in to that service, it should ask you to enter a 6-digit passcode from the Duo Mobile App. 

 

Request Help